[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2011-3973Date: (C)2011-10-02   (M)2023-12-22


cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
MDVSA-2012:074
MDVSA-2012:075
MDVSA-2012:076
http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=bd968d260aef322fb32e254a3de0d2036c57bd56
http://www.ffmpeg.org/releases/ffmpeg-0.7.5.changelog
http://www.ffmpeg.org/releases/ffmpeg-0.8.4.changelog

CPE    28
cpe:/a:ffmpeg:ffmpeg:0.3
cpe:/a:ffmpeg:ffmpeg:0.4.9:pre1
cpe:/a:ffmpeg:ffmpeg:0.5
cpe:/a:ffmpeg:ffmpeg:0.6
...
CWE    1
CWE-399
OVAL    5
oval:org.secpod.oval:def:302818
oval:org.secpod.oval:def:1300121
oval:org.secpod.oval:def:302843
oval:org.secpod.oval:def:1300055
...

© SecPod Technologies